API Reference Guide

All Onemoney APIs are completely RESTful. All responses are returned in JSON.

The financial data returned as part of responses to data requests are in encrypted XML format. The data is stored as one of the attributes in the JSON response structure.

Onemoney APIs can be used in one of two modes, Test and Live. Visit our developer portal to receive API keys to try out our APIs.

API Gateway URL

Onemoney API Gateway URL https://api-sandbox.onemoney.in/

Please include this before each API endpoint to make API calls

API Authorisation

As an FIU

Digital signature generation and validation is currently switched off on our sandbox, for all API-based exchanges between the FIU and the AA. Enabling this involves the exchange of public key information. The same can be done in production-mode through the Central Registry hosted by Sahamati. If you are interested in more information on this, please write to [email protected]

When you access Onemoney APIs, you are authorized based on an FIU ID (Financial Information User ID) and an API key issued to you by us, using the developer portal.
The API key can be generated by you as part of the Settings > API Keys function.

The API key needs to be placed in the header of each API request, as shown below:

Conversely, all APIs implemented by you, such as Post Consent Notification and Post /FI/Notification, that are called by Onemoney, also need to be authorized by you based on an API key issued by you to us.

While using our APIs in test mode, this API key too can be generated by the portal through Settings > API Keys function.

As an FIP

Coming Soon

As a Consent Manager

In order to connect to Onemoney APIs to allow consumer registration and consent management activities you need to provide sessionId in header in some APIs and client ID and client secret in some APIs. You need to get the Client ID and Client Secret through the developer portal.

Header Parameters Details

Field
Value
Description
Required?
content-Type
application/json
Specify the request params type
Yes
client_Secret
string
This is an API key issued to server side application
Conditional
(required only for server application calling the api)
organisationid
string
An id issued to the organisation calling the API
Yes
client_id
string
An API key issued to the organisation
Yes
appidentifier
string
An API key issued to the organisation
Conditional
(Required only if the API is being called from a front-end application, not server-side.)
sessionId
string
A short lived user token
Yes

Header elements for API calls from front-end applications

The organisationid (FIU ID), appidentifier and client_id (generated through the developer portal) needs to be placed in the header of each API request, as shown below:



Header elements for API calls from server-side

The organisationid (FIU ID), client_id and client_secret (generated through the developer portal) needs to be placed in the header of each API request, as shown below:


Header elements for API calls requiring sessionId

The sesionId needs to be placed in Header of API requests as shown below: